Tux Machines
Posted by Roy Schestowitz on May 11, 2023
=> ↺ PIPEDREAM Malware against Industrial Control Systems
Another nation-state malware, Russian in origin: [...]
=> ↺ Feds Uncover a ‘Swiss Army Knife’ for Hacking Industrial Control Systems
On Wednesday, the Department of Energy, the Cybersecurity and Infrastructure Security Agency, the NSA, and the FBI jointly released an advisory about a new hacker toolset potentially capable of meddling with a wide range of industrial control system equipment. More than any previous industrial control system hacking toolkit, the malware contains an array of components designed to disrupt or take control of the functioning of devices, including programmable logic controllers (PLCs) that are sold by Schneider Electric and OMRON and are designed to serve as the interface between traditional computers and the actuators and sensors in industrial environments. Another component of the malware is designed to target Open Platform Communications Unified Architecture (OPC UA) servers—the computers that communicate with those controllers.
=> ↺ APT Cyber Tools Targeting ICS/SCADA Devices
In addition, the APT actors can use a tool that installs and exploits a known-vulnerable ASRock-signed motherboard driver, AsrDrv103.sys, exploiting CVE-2020-15368 to execute malicious code in the Windows kernel. Successful deployment of this tool can allow APT actors to move laterally within an IT or OT environment and disrupt critical devices or functions.
=> ↺ Capita Says Ransomware Attack Will Cost It Up to $25 Million
UK-based business process outsourcing and professional services company Capita said on Wednesday that it expects to incur costs ranging between roughly £15 million ($19 million) and £20 million ($25 million) as a result of the recent cybersecurity incident, but it has not clarified whether that includes a ransom payment to the [attackers].
=> ↺ Dragos Says Ransomware Gang Accessed Limited Data but Failed at Extortion Scheme
Industrial cybersecurity vendor Dragos on Wednesday said a known ransomware group breached its defenses and accessed threat intel reports, a SharePoint portal and a customer support system but ultimately failed in an elaborate extortion scheme that included private messages to company executives.
=> ↺ Ranking ransomware: The gangs, the malware and the ever-present risks
These are just two of the known ransomware attacks that occur daily around the world targeting small and large businesses, government organizations, nonprofits and medical facilities. Names like Royal and PLAY apply to both the strain of malware used in the attacks and the groups that create and operate the platforms behind them, but those names may signify little else to executives and other decision-makers on the frontlines of defending against ransomware.